1. Field of the Invention
The present invention is related to methods for anti-virus (AV) protection and, in particular, to a method and system for dynamic generation of AV databases based on parameters of a user computer.
2. Description of the Related Art
Security of data located on user PCs, mobile devices or within enterprise systems is a problem that only becomes more complex every day. A large number of new malware applications appear practically every day. Each of these malware applications can cause computer failures or result in a loss or theft of critical personal user data. Many of the known malware applications are modified so they become harder to detect.
In order to maintain a necessary level of data security, vendors of AV systems have to constantly update the AV databases that are used for virus or malware detection. Modern AV databases contain various types of data: malware signatures (including heuristic signatures), blacklists of malicious object checksums, blacklists of web sites, executable code for data unpacking algorithms and for heuristic data analysis, data for dealing with detected threats, etc.
In addition to these types of data, the AV databases can contain code needed for updating components of the AV system. Thus, the AV databases are used not only for keeping the current signatures, but also for updating the AV system itself. Data contained in the AV databases can be represented differently based on the AV system that uses them. The format and representation of the data are selected based on criteria such as, for example, simplicity of update, convenience of use, size, etc.
The data can be represented as a plurality of files of different formats, for example, as a dynamic link library (DLL), as XML files, or as proprietary formats used by a particular AV system. Currently, typical AV databases contain large volumes of various data, and these volumes constantly increase. This is caused by new malware appearing every day and corresponding data being inserted into the AV database. The ever-increasing size of AV databases makes them less suitable for frequent updates. A method for reducing the size of the AV database is desired.
The rapid growth of the AV databases is a problem that is already critical for producers of the AV systems. It is desired to make the AV databases more convenient and mobile. Updating of AV applications based on various parameters is disclosed in publications WO2010024606A2 and KR2009111152A.
WO2010024606A2 discloses a system and method for selection of data for computers based on an operating system and a version of an AV application used. KR2009111152A describes a system for updating AV systems. The system is based on classification of the files that need to be checked and generating a list of required updates.
These systems have some disadvantages. For example, the AV databases are generated manually based on a limited list of parameters. The AV database is created without taking into account the overall security needs of a user, apart from checking the user files. U.S. Pat. No. 7,743,419 discloses a method for preventing computer virus epidemics. The method is based on collecting user PC information and analyzing it for signs of an epidemic. The epidemics can be predicted and prevented.
Accordingly, there is a need in the art for a system for dynamic generation of the AV databases based on parameters of a user computer without affecting the effectiveness of the malware detection system that uses the AV database.